GCP-2026-043
Summary
A vulnerability in Firebase Studio (Google's backend service for building apps) allowed authenticated users to access and download source code and list storage buckets belonging to other users' projects. The vulnerability has already been fixed and deployed to the backend service.
Solution / Mitigation
No action is required as the fix has been deployed. As a precautionary measure, users who stored sensitive information such as API keys (secret codes that grant access to services) in their Firebase Studio workspace may choose to rotate these keys by following instructions in the Firebase Studio troubleshooting guide.
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://docs.cloud.google.com/support/bulletins/index#gcp-2026-043
First tracked: June 24, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 85%